
"...[R]ansomware-on-demand services and self-modifying code easily generate completely new code with the same functionality, making this detection method obsolete. The ransomware distribution system described by Cybereason in its Operation Kofer research is just one example of an attack where each victim was infected with a unique ransomware binary. In addition, ransomware is the preferred payload for drive-by download and malvertising campaigns. Both of these attacks infect victims without their knowledge, and unfortunately, spam filters and sandbox email scanning systems cannot prevent them."

The security firm has analyzed tens of thousands of variants of over 40 ransomware families including Locky, CryptoWall, TeslaCrypt, and Cerber. Most of those samples behave in a similar fashion: low-level file encryption. Cybereason therefore developed its utility so that it could detect ransomware by what it does and not by its signature. According to a test performed by Lawrence Abrams of Bleeping Computer, RansomFree works by creating a number of randomly named folders throughout a computer that act as honeypots. Those folders start with symbols like "$" and "!," which ensures ransomware would scan them first.
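The honeypot-folder idea described above, sketched as an added example (not Cybereason's code and not part of the original article). It assumes detection by re-hashing bait files on demand; the function names, the bait file name `report.docx` and the hashing approach are all assumptions made for illustration.

```python
import hashlib
import os
import secrets

# Prefix characters named in the article; both sort before digits and letters.
PREFIXES = ("!", "$")

def digest(path):
    """SHA-256 of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def plant_decoys(root, count=2):
    """Create randomly named decoy folders under root, each holding one bait file.
    Returns a baseline mapping {bait_path: sha256}."""
    baseline = {}
    for i in range(count):
        name = PREFIXES[i % len(PREFIXES)] + secrets.token_hex(4)
        folder = os.path.join(root, name)
        os.makedirs(folder)
        bait = os.path.join(folder, "report.docx")  # hypothetical bait name
        with open(bait, "wb") as f:
            f.write(secrets.token_bytes(256))  # constructed filler content
        baseline[bait] = digest(bait)
    return baseline

def sorts_first(root):
    """True if a decoy folder is the first entry of a sorted listing of root."""
    return sorted(os.listdir(root))[0][0] in PREFIXES

def check_decoys(baseline):
    """Compare bait files with the baseline; nothing legitimate should touch them.
    Returns a list of (path, reason) alerts."""
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))   # deleted or renamed
        elif digest(path) != expected:
            alerts.append((path, "modified"))  # contents rewritten
    return alerts
```

Because no user or application has a reason to touch the bait files, any alert from `check_decoys` is a high-confidence signal that something is rewriting files in bulk, regardless of the binary's signature.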
